

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@

title : easycalc crackme

crack : find the password

tools : jack's cracker


level : easy |x| medium |_| hard |_|

###########################

this dos crackme asks us to enter a valid password. if the code isn't correct, it
shows the string "hey... you're in the wrong way :(".
ok. if we check the pe file, we see it has been packed with upx. after unpacking it
(also with upx), we open it in olly and look for the bad string in the code. that
brings us here:

004012f9 . 8b45 f8 mov eax,dword ptr ss:[ebp-8] ; ||||
004012fc . 8945 f0 mov dword ptr ss:[ebp-10],eax ; ||||
004012ff . c70424 901240>mov dword ptr ss:[esp],easycalc.00401290 ; ||||ascii "password :"
00401306 . e8 55050000 call <jmp.&msvcrt.printf> ; |||\printf
0040130b . 8d45 f4 lea eax,dword ptr ss:[ebp-c] ; |||
0040130e . 894424 04 mov dword ptr ss:[esp+4],eax ; |||
00401312 . c70424 9b1240>mov dword ptr ss:[esp],easycalc.0040129b ; |||ascii "%d"
00401319 . e8 32050000 call <jmp.&msvcrt.scanf> ; ||\scanf
0040131e . c70424 9e1240>mov dword ptr ss:[esp],easycalc.0040129e ; ||
00401325 . e8 36050000 call <jmp.&msvcrt.printf> ; |\printf
0040132a . 8b45 f4 mov eax,dword ptr ss:[ebp-c] ; | <-- put our password
0040132d . 3b45 f0 cmp eax,dword ptr ss:[ebp-10] ; | <-- compare our password with correct one
00401330 . 75 0e jnz short easycalc.00401340 ; | <-- if our isn't the same, jump to bad string
00401332 . c70424 a01240>mov dword ptr ss:[esp],easycalc.004012a0 ; |ascii "good work :)"
00401339 . e8 22050000 call <jmp.&msvcrt.printf> ; \printf
0040133e .^ eb b2 jmp short easycalc.004012f2
00401340 > c70424 b01240>mov dword ptr ss:[esp],easycalc.004012b0 ; |ascii "hey... you're in the wrong way :(" <-- bad string
00401347 . e8 14050000 call <jmp.&msvcrt.printf> ; \printf
0040134c .^ eb a4 jmp short easycalc.004012f2

if we look at the stack at [ebp-10] when we are at address 0040132d, we find the
correct password! (the password in memory is a hex number, so we have to convert it
to decimal before entering it!)

the correct password is : 34275591

p.s. there's a small bug in this file... try entering a letter in the password
and see the disaster ;-)))
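
the listing never tests what scanf returns before jumping back to 004012f2, which fits the letter bug from the p.s.: with "%d", a letter is left in the input buffer and every pass fails the same way. the c below is an added example, not the crackme's source; SECRET, SAMPLE_INPUT, MAX_ROUNDS and the function names are assumptions made up for the demo.

```c
#include <stdio.h>

#define MAX_ROUNDS 5     /* cap so the demo stops; the crackme loops without one */
#define SECRET     1234  /* constructed value, not the crackme's password */
static const char SAMPLE_INPUT[] = "x\n1234\n";  /* constructed: letter, then number */

/* Same shape as the listing: scanf's result is dropped, then compare and loop.
   Returns the round that matched, or -1 if MAX_ROUNDS passed without a match. */
int rounds_unchecked(FILE *in) {
    int guess = 0;
    for (int round = 1; round <= MAX_ROUNDS; round++) {
        int rc = fscanf(in, "%d", &guess);  /* "x" is not consumed, rc is 0 */
        (void)rc;                           /* never looked at */
        if (guess == SECRET) return round;
    }
    return -1;
}

/* Checked variant: on a failed conversion, discard the rest of the line. */
int rounds_checked(FILE *in) {
    int guess = 0, c;
    for (int round = 1; round <= MAX_ROUNDS; round++) {
        int rc = fscanf(in, "%d", &guess);
        if (rc == EOF) return -1;           /* input exhausted */
        if (rc != 1) {                      /* not a number: flush the bad line */
            while ((c = fgetc(in)) != '\n' && c != EOF) { }
            continue;
        }
        if (guess == SECRET) return round;
    }
    return -1;
}

/* Feed SAMPLE_INPUT through one variant via a temp file standing in for stdin. */
int run_demo(int checked) {
    FILE *in = tmpfile();
    if (!in) return -2;
    fputs(SAMPLE_INPUT, in);
    rewind(in);
    int r = checked ? rounds_checked(in) : rounds_unchecked(in);
    fclose(in);
    return r;
}

int main(void) {
    printf("unchecked: %d, checked: %d\n", run_demo(0), run_demo(1));
    return 0;
}
```

the unchecked loop never gets past the "x" and uses up every round; the checked loop throws the bad line away and accepts the number on the second round.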

special thanks to ingrid..... thank u my love :)
